1. Field of the Invention
The present invention generally relates to data encryption and, more particularly, to methods and apparatus for updating parameters used for encryption, such as version control parameters.
2. Description of the Related Art
A system on a chip (SOC) generally includes one or more integrated processor cores, some type of embedded memory, such as a cache shared between the processor cores, and peripheral interfaces, such as memory control components and external bus interfaces, on a single chip to form a complete (or nearly complete) system. The use of cache memory hierarchies is well established to improve processor performance by reducing and/or eliminating read access requests to external memory.
As part of an enhanced security feature, some SOCs encrypt some portions of data prior to storing it in external memory. Adding such encryption to an SOC may add valuable benefits, such as preventing a hacker from obtaining instructions of a copyrighted program, such as a video game, or data that may be used to determine such instructions through reverse engineering. When the encrypted data is subsequently retrieved from external memory, it must first be decrypted before it can be used by the processor cores.
Certain types of security information (referred to as metadata) may be employed in an effort to enhance security. For example, an integrity check value may be calculated when encrypted data is written out to external memory and stored. This stored integrity value may be compared against an integrity value calculated when retrieving the encrypted data, with a mismatch indicating the encrypted data has been tampered with. Further, a security version value may be used to affect encryption in some manner. Changing this security version value often (e.g., on every encrypted write to external memory) may prevent unauthorized users (e.g., hackers) from gaining knowledge about security by monitoring data traffic.
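The write and read paths described above can be sketched as follows. This is an added example, not code from the original document; the class SecureMemory, the constructed keys, the HMAC-SHA256 keystream standing in for the SOC's cipher, and the choice to hold the metadata in a trusted table are all assumptions made for illustration.

```python
import hashlib
import hmac

KEY_ENC = b"constructed-demo-encryption-key"  # constructed sample keys
KEY_MAC = b"constructed-demo-integrity-key"

def _bind(address, version):
    # Address and security version value as fixed-width bytes.
    return address.to_bytes(8, "big") + version.to_bytes(8, "big")

def _keystream(address, version, length):
    # HMAC-SHA256 in counter mode: a stand-in cipher (assumption).
    out, counter = b"", 0
    while len(out) < length:
        block = _bind(address, version) + counter.to_bytes(4, "big")
        out += hmac.new(KEY_ENC, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _icv(address, version, ciphertext):
    # Integrity check value over address, version and encrypted data.
    msg = _bind(address, version) + ciphertext
    return hmac.new(KEY_MAC, msg, hashlib.sha256).digest()

class SecureMemory:
    """Hypothetical model: external memory plus per-address metadata."""

    def __init__(self):
        self.external = {}  # address -> ciphertext, visible off-chip
        self.metadata = {}  # address -> (version, icv), assumed trusted

    def write(self, address, plaintext):
        # Change the security version value on every encrypted write.
        version = self.metadata.get(address, (0, b""))[0] + 1
        ks = _keystream(address, version, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        self.external[address] = ct
        self.metadata[address] = (version, _icv(address, version, ct))
        return ct

    def read(self, address):
        version, stored = self.metadata[address]
        ct = self.external[address]
        # Recompute the integrity value and compare before decrypting.
        if not hmac.compare_digest(stored, _icv(address, version, ct)):
            raise ValueError("integrity mismatch: data tampered with")
        ks = _keystream(address, version, len(ct))
        return bytes(c ^ k for c, k in zip(ct, ks))
```

Writing the same plaintext twice to one address yields two different ciphertexts because the version changes, and restoring the older ciphertext fails the integrity comparison on the next read.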
In some cases, this security metadata itself may be encrypted and stored externally. Because external memory resources are typically much greater than internal memory resources, storing such metadata externally may allow security to be applied to a much larger memory space than if such metadata was only stored internally. However, in such cases, before encrypted data can be decrypted and validated, the corresponding security metadata used for the encryption must be retrieved and decrypted. As a result, while security metadata may lead to enhanced security, storing this security metadata externally may result in additional latency when retrieving the corresponding encrypted data.
Accordingly, what is needed is a mechanism for reducing latency associated with externally stored security metadata.